The City of Philadelphia is investigating a information breach aft attackers "may person gained access" to City email accounts containing individual and protected wellness accusation 5 months ago, successful May.
While officials discovered nan incident connected May 24 pursuing suspicious activity successful nan City's email environment, the investigation found that nan threat actors whitethorn person accessed emails successful nan compromised email accounts for astatine slightest 2 months aft nan City became alert of nan incident.
"However, to date, nan investigation wished that betwixt May 26, 2023 and July 28, 2023, an unauthorized character whitethorn person gained entree to definite City email accounts and definite accusation contained therein," nan breach notice says.
"Also, connected August 22, 2023, we became alert that nan at-issue email accounts see email accounts that whitethorn incorporate protected wellness information."
While nan investigation and a manual reappraisal of nan affected email accounts are still ongoing, nan City revealed that nan types of accusation exposed for impacted individuals see a operation of:
- demographic information, specified arsenic name, address, day of birth,
- social information number, and different interaction information;
- medical information, specified arsenic test and different treatment-related information;
- and constricted financial information, specified arsenic claims information
"In an abundance of caution, we are conducting a comprehensive, programmatic and manual reappraisal of nan perchance impacted email accounts to find whether individual accusation aliases protected wellness accusation was perchance affected," nan announcement says.
"If so, nan City will activity to corroborate nan identities and interaction accusation for perchance impacted individuals and supply announcement via written letter."
City officials besides urged individuals who whitethorn person been affected to enactment vigilant against financial fraud attempts and imaginable incidents of personality theft.
They advised monitoring in installments reports and relationship statements closely, enabling individuals to promptly pass their security company, healthcare provider, aliases slope astir immoderate suspicious activity.
City officials are yet to supply specifications connected really nan attackers breached nan City's email accounts and nan reasons down nan hold successful disclosing nan incident for 5 months.
As reported by The Philadelphia Inquirer, nan City's Department of Behavioral Health and Intellectual Disability Services (DBHIDS) also disclosed a HIPAA breach in June 2020 aft nan individual wellness accusation of individuals it served was compromised pursuing a March phishing attack.
A breach notice revealed that nan email accounts of DBHIDS and Community Behavioral Health labor were hacked successful nan phishing onslaught and were accessed by nan attackers betwixt March 31 and November 15, 2020.